Re: gnutls & TLS1.1

[Simon Josefsson]

On 31 jan 2008, at 22.16, Matt Smith wrote:

> Hello Mr. Josefsson,
>   I was wondering if you could assist me.
>
> I am looking for a packet capture of a TLS1.1 session being  
> established.
> I attempted to use tcpdump on my local system while connecting with  
> your test server here:
> https://test.gnutls.org:5556/
>
> As the test page states, this connection was made using TLS1.0, so  
> that's not exactly what I need.

You must use a client that supports TLS 1.1.  The test server will  
negotiate TLS 1.1 if your client supports it.  If you used a browser  
to access that page, chances are that your browser doesn't implement  
TLS 1.1.  Try gnutls-cli from GnuTLS itself.

> I also attempted to download and install gnutls-2.3.0.tar.bz2 ,  
> however, the README for that file says that it only supports SSLv3  
> and TLSv1.0 (although I suppose that the README has not yet been  
> updated if this is the newest version of mod_gnutls).

Oops!  I'll fix the README tomorrow, it is probably better if it  
doesn't say anything about version numbers at all.

> You wouldn't happen to have a pcap of a TLSv1.1 session being  
> established, would you?
> or, Am I correct in thinking that gnutls2.3.0 should indeed support  
> TLS1.1?
> or, would it be possible to reconfigure the test server to only  
> accept TLS1.1 (drastic, and the least desirable option).

The test server and gnutls2.3.0 supports TLSv1.1, so I don't think  
getting a pcap will be difficult for you.  But if you can't get it to  
work, I'll see if I can produce a pcap file for you.

Thanks,
/Simon